Smarthphone apps have ‘backdoor secrets’ for hackers: Study

Smarthphone apps have ‘backdoor secrets’ for hackers: Study

Many mobile phone applications hold hard-coded secrets that allow others to access private data, according to a study that could lead to new measures to improve smartphone cybersecurity. According to the study, accepted for publication by the IEEE Symposium on Security and Privacy in 2020, mobile phone apps may exhibit hidden or harmful behavior that little to nothing users know about.

Researchers, including Zhiqiang Lin of Ohio State University in the U.S., said mobile apps generally come into contact with users through processing and response to user input. Referring to examples, Lin said, users often have to type certain words or phrases or click buttons and slide screens to take action on their phone. In the study, the researchers evaluated 150,000 apps: 1.00,000 based on the number of downloads from the Google Play Store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones. They found that 12,706 of those apps contained something that the scientists ‘backdoor secrets’ called: hidden behaviors within the app that accept certain types of content to cause behavior unknown to regular users. The researchers also found that some apps have built-in ‘master passwords’ which allows anyone with that password to access the app and any private information it contains. And some apps, they said, had secret access keys that could activate hidden options, including payment bypass.

“Both users and developers are all at risk if a villain has obtained these ‘back door secrets’,” said Lin. Motivated attackers could reverse engineer the mobile apps to discover them, he added. often mistakenly assume that reverse engineering their apps is not a legitimate threat, added Qingchuan Zhao, another co-author of the Ohio State University study.

“A major reason why mobile apps hold these ‘back door secrets’ is because developers have misplaced trust,” Zhao said. To really secure their apps, he said, developers need to perform security-relevant user input validations and push their secrets on the backend servers. “Many platforms allow user-generated content to be moderated or filtered before it is published,” Zhao said, adding that various social media sites, including Facebook, Instagram and Tumblr, restrict the content that users are allowed to publish on those platforms. #

“Unfortunately, there may be problems – for example, users know that certain words are forbidden in a platform’s policies, but they are not aware of examples of words that are considered forbidden words and could lead to content being blocked without the knowledge of users, “he said. “Therefore, end users may want to clarify vague platform content policies by seeing examples of forbidden words,” added Zhao.

(This story has not been edited by staff and is automatically generated from a syndicated feed.)

News

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
Next year, Apple iPhone can use same android charger
Next year, Apple iPhone can use same android charger
The move is in response to looming EU legislation that aims to introduce a single charger for all phones and tablets sold in the bloc. Jess says the iPhone ...
Indian tablet market grows 68% in March 2022 quarter;  Lenovo leads
Indian tablet market grows 68% in March 2022 quarter; Lenovo leads
“Driven by the pandemic and the continuous rise and ebb of the COVID-19 cases, many of the sectors are persisting with hybrid or remote work. This is ...
Egypt anticipates reaching new IMF deal “within the month”
Egypt anticipates reaching new IMF deal “within the month”
Prime Minister Mostafa Madbouly stated in a televised news conference on Sunday that Egypt intends to conclude a new agreement with the International ...
Wage growth momentum slows among UK employers
China’s economy tumbles as lockdowns hit factories and retailers
Retail sales in April shrank 11.1per cent from a year earlier, the biggest contraction since March 2020, data from the National Bureau of Statistics (NBS) ...
Asus has released an update to Android 12 for the Zenfone 7 and Zenfone 7 Pro
Asus has released an update to Android 12 for the Zenfone 7 and Zenfone 7 Pro
Asus rolls out Android 12 update for the Zenfone 7 and Zenfone 7 Pro. As usual with such over-the-air rollouts, the new software is going out to different ...
They Always Run, a 2D side-scrolling action game, will be released on the PlayStation 4 this Thursday
They Always Run, a 2D side-scrolling action game, will be released on the PlayStation 4 this Thursday
You’ll be hunting down the galaxy’s most ruthless criminals, using your third arm to great advantage for targeted attacks and throws, destroying obstacles, ...
Dell's new low-end gaming laptops have Alienware-inspired features
Dell’s new low-end gaming laptops have Alienware-inspired features
Dell’s New Budget Gaming Laptops Bring Alienware-Inspired Features. Dell’s new gaming laptops are powered by 12th Gen Intel Core i5 and i7 H-Series CPUs and ...
researchers create iPhone virus that works even when the phone is turned off
researchers create iPhone virus that works even when the phone is turned off
How to use push notifications for growth — without annoying your customer. “Baloney!” you shout. How can malware run without electricity? The simple answer ...
GlaxoSmithKline Pharma details consolidated net loss of Rs 55 crore
GlaxoSmithKline Pharma details consolidated net loss of Rs 55 crore
For the financial year ended March 31, 2022, the company posted a consolidated net profit from continuing operations at Rs 381 crore, against Rs 287 crore in ...
Officials say China's economy is recovering as antivirus restrictions are lifted
Officials say China’s economy is recovering as antivirus restrictions are lifted
“We believe the operation of the economy is gradually improving in May as logistics is unblocked to ensure smooth access and support is increased for the ...
Show next
We will be happy to hear your thoughts

Leave a reply

Compsmag - Latest News In Tech and Business
Logo